package jdbc.lessen03;


import jdbc.lessen02.util.JdbcUtil;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/**
 * Demonstrates inserting a row through a precompiled {@link PreparedStatement}:
 * the values are bound to {@code ?} placeholders instead of being concatenated
 * into the SQL text, which prevents SQL injection (a parameter that itself
 * contains SQL is bound as a value, not spliced into the statement).
 *
 * @Package lessen03
 * @Author shimmer
 * @Date 2020/7/31 11:56
 */
public class PreInsert {
    /** Insert statement; its three placeholders are filled in by position. */
    private static final String INSERT_USER_SQL =
            "insert into `user`(`id`,`name`,`pwd`) values(?,?,?)";

    /**
     * Obtains a connection from {@code JdbcUtil}, binds three fixed values to the
     * insert statement, runs it and prints a message when at least one row changed.
     *
     * @param args command-line arguments; not read
     */
    public static void main(String[] args) {
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = JdbcUtil.getConnection();

            // The difference (presumably from the earlier, non-precompiled lesson):
            // the SQL is precompiled here and is not executed yet.
            statement = connection.prepareStatement(INSERT_USER_SQL);

            // Fill in the parameters by hand; JDBC parameter indexes start at 1.
            statement.setInt(1, 6);
            statement.setString(2, "ddd");
            // NOTE(review): the pwd value is bound exactly as given. If this column
            // holds real credentials, store a salted password hash (bcrypt / scrypt /
            // argon2) rather than the plaintext; confirm against the schema.
            statement.setString(3, "4532");

            // Execute the statement; executeUpdate returns the affected row count.
            final int affectedRows = statement.executeUpdate();
            final boolean inserted = affectedRows > 0;
            if (inserted) {
                System.out.println("插入成功！");
            }
        } catch (SQLException e) {
            // Acceptable in a console demo; in a service, log through the
            // application's logger and keep driver/SQL details out of user output.
            e.printStackTrace();
        } finally {
            // Runs on success and on failure. The first argument is passed as null,
            // presumably the ResultSet slot, which an insert does not produce.
            JdbcUtil.release(null, statement, connection);
        }
    }
}
